Problem description
The security token included in the request is invalid.
Causes
STS access credentials are used in the request to access OSS. However, the security token in the request is invalid.
Examples
The AccessKey ID obtained from STS is used in the URL of the request to access OSS. However, the security token specified by the security-token parameter in the URL is inconsistent with the security token obtained from STS.
The AccessKey ID obtained from STS is used in the headers of the request to access OSS. However, the security token specified by the x-oss-security-token header is inconsistent with the security token obtained from STS.
Solutions
You can perform the following steps to initiate a request by using access credentials obtained from STS:
Call the AssumeRole operation or use STS SDKs for various programming languages to obtain temporary access credentials.
Temporary access credentials contain a security token and a temporary AccessKey pair that consists of an AccessKey ID and an AccessKey secret. For more information about how to obtain temporary access credentials, see Use temporary credentials provided by STS to access OSS.
Use an SDK or call the RESTful API operation to initiate a request by using access credentials obtained from STS. Example:
https://examplebucket.oss-cn-hangzhou.aliyuncs.com/oss-api.pdf?OSSAccessKeyId=STS.nz2pc56s936****&Expires=1141889120&Signature=vjbyPxybdZaNmGa%2ByT272YEAiv****&security-token=CAISowJ1q6Ft5B2yfSjIr5bgIOz31blR9oWmWBfCs3kDR/xm3Imc1zz2IHxMdHJsCeAcs/Q0lGFR5/sflqJIRoReREvCUcZr8szfWcsZos2T1fau5Jko1be0ewHKeQKZsebWZ+LmNpy/Ht6md1HDkAJq3LL+bk/Mdle5MJqP+/kFC9MMRVuAcCZhDtVbLRcYgq18D3bKMuu3ORPHm3fZCFES2jBxkmRi86+ysIP+phPVlw/90fRH5dazcJW0Zsx0OJo6Wcq+3+FqM6DQlTNM6hwNtoUO1fYUommb54nDXwQIvUjfbtC5qIM/cFVLAYEhALNBofTGkvl1h/fejYyfyWwWYbkFCHiPFNr9kJCUSbr4a4sjF6zyPnPWycyCLYXleLzhxPWd/2kagAGaXG69BqwYNvrKKI3W8weP3bNc1wQDMXQfiHpFCRG6lYhh3iXFtpwH90A3sTlxzRGvi8+9p63JwrluOHWs+Fj6S6s0cOhKvKRWYE8UuWeXIvv4l6DAGwHDE8BLjLC11f5prUJgI2wb+3hwuBod32Jx+us/1p996Glao725orcb****
Important: Make sure that the security token included in the request is consistent with the security token obtained from STS by calling the AssumeRole operation.
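A pre-flight check for the consistency requirement above, as an added example that is not part of the original page or of any Alibaba Cloud SDK. The token, AccessKey ID and signature values are constructed placeholders, and request_token, check_token and the status strings are hypothetical names.

```python
import hmac
from urllib.parse import quote, unquote, unquote_plus, urlsplit

def request_token(url=None, headers=None):
    """Return the token carried by the request in percent-encoded form, or None."""
    if url:
        # Split by hand: parse_qs would silently turn a raw '+' into a space.
        for part in urlsplit(url).query.split("&"):
            name, _, value = part.partition("=")
            if name == "security-token":
                return value
    for name, value in (headers or {}).items():
        if name.lower() == "x-oss-security-token":
            return quote(value, safe="")  # header values are not URL-encoded
    return None

def check_token(issued, url=None, headers=None):
    """Compare the request's token with the one returned by AssumeRole."""
    raw = request_token(url, headers)
    if raw is None:
        return "missing"
    strict, form = unquote(raw), unquote_plus(raw)
    # Constant-time comparison: the token is a credential.
    if hmac.compare_digest(strict.encode(), issued.encode()):
        # A form-style decoder (unquote_plus, parse_qs) reads '+' as a space,
        # so a token placed in the URL unencoded is flagged separately.
        return "match" if form == strict else "match-unencoded-plus"
    if strict and issued.startswith(strict):
        return "truncated"
    return "mismatch"

# Constructed sample values, not real credentials.
ISSUED = "CAISconstructed+sample/token=="
BASE = ("https://examplebucket.oss-cn-hangzhou.aliyuncs.com/oss-api.pdf"
        "?OSSAccessKeyId=STS.EXAMPLE&Expires=1141889120&Signature=EXAMPLE")
URL_ENCODED = BASE + "&security-token=" + quote(ISSUED, safe="")
URL_RAW = BASE + "&security-token=" + ISSUED

if __name__ == "__main__":
    print(check_token(ISSUED, url=URL_ENCODED))
    print(check_token(ISSUED, url=URL_RAW))
    print(check_token(ISSUED, headers={"x-oss-security-token": ISSUED[:10]}))
    print(check_token(ISSUED, url=BASE))
```

The functions return only a status string, so the token itself never has to be written to logs while diagnosing the error.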